Tutorial – Apache & SSL for Win32

Do not use, republish, in whole or in part, without the consent of the Author. TheTAZZone policy is that Authors retain the rights to the work they submit and/or post…we do not sell, publish, transmit, or have the right to give permission for such…TheTAZZone merely retains the right to use, retain, and publish submitted work within its Network

This paper is the work of The Master Jedi Pimpsor AKA thehorse13, who has kindly consented to it being hosted here on the TAZ.

Preface:
============
I had to work on a bunch of Apache on Win32 hosts. Typically, this is against my religion, however, I did it anyway.

While doing it, I went looking for some info on simply redirecting all traffic over HTTPS. I found all the info but some was in different places. I took a base tutorial and made some changes to it so that it had more clarity and also explained how to redirect traffic over HTTPS. Since this is not an original work, all references are cited.

This tutorial only discusses how to get HTTPS set up with Apache for Win32. It’s nothing more.

Version 1.2 (Up from 1.1 thanks to Mike Young)
Version 1.3 (TheHorse13)
_
_
1. Assumptions
This tutorial assumes that you already have Apache2 installed and working on a Windows server. I have Apache 2.0.52 installed on Windows Server 2000.
This guide also assumes that you have a standard SSL cert. If you have a SuperCert, you’ll need to add additional lines to your virtual host in httpd.conf and ssl.conf to deal with the intermediate cert. For more information on what a SuperCert is, please see SGC SuperCert – 256-bit ssl encryption from thawte
_
TIP: Back up your existing httpd.conf file before you begin. If you run into issues, at least you can revert back to the original.
_
2. Needed Files
These are not necessarily the most up-to-date, but they worked for my install so I have included them here. You will need to download both Apache_2.0.55-Openssl_0.9.8a-Win32.zip and Openssl-0.9.8a-Win32.zip
Unzip both of these files to separate folders.
_
3. Setting Up OpenSSL
Copy the files ssleay32.dll and libeay32.dll from the OpenSSL folder to WINNT\System32. Double-check that you copied the DLLs and not the LIBs. Both of these DLL files will be located in the unzipped Openssl-0.9.8a-Win32 folder.
_
Copy mod_ssl.so from the unzipped Apache_2.0.55-Openssl_0.9.8a-Win32\modules folder into the \modules folder of your production Apache server’s path.
_
You also need to download openssl.cnf into the same folder where you unzipped Openssl-0.9.8a-Win32. Windows will remove the .cnf and will make this file look like a dialup icon. Just ignore it. Just make sure you have the file in the right place.
Download ssl.conf and place it in the Apache2/conf directory.
_
4. Creating a test certificate
Open a command prompt. Navigate to where you unzipped Openssl-0.9.8a-Win32.
_
openssl req -config openssl.cnf -new -out my-server.csr
_
You can replace my-server.csr with whatever you want as long as the extension is .csr. When asked for “Common Name (eg, your websites domain name)”, give the exact domain name of your web server (e.g.

). The certificate belongs to this server name and browsers complain if the name doesn’t match.
_
openssl rsa -in privkey.pem -out my-server.key
_
This removes the passphrase from the private key. You MUST understand what this means: my-server.key should be readable only by the Apache server and the administrator. You should delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.
_
openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365
_
This creates a self-signed certificate that you can use until you get a “real” one from a certificate authority. (Which is optional; if you know your users, you can tell them to install the certificate into their browsers.) Note that this certificate expires after one year; you can increase -days 365 if you don’t want this.
_
TIP: Sometimes certs will have the suffix crt or cer. If this is the case, you can either rename the certificate file with the .cert suffix to match the lines in this guide or you can change the conf files to reflect whichever certificate suffix came with the certificate file. For example, if Windows sees the suffix cert, it won’t assign the nifty certificate icon to it. It only sees crt and cer as certificate suffixes and will only assign the icon to these suffixes.
_
Create a directory in the Apache folder named Apache2/conf/ssl and move my-server.key and my-server.cert into it.
_
5. Configuring Apache and mod_ssl
Open the httpd.conf file and locate the LoadModule directives.
Add:
LoadModule ssl_module modules/mod_ssl.so
_
After </IfModule> add
SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none
In the VirtualHost directives add
<VirtualHost

>
SSLEngine On
SSLCertificateFile conf/ssl/my-server.cert
SSLCertificateKeyFile conf/ssl/my-server.key
</VirtualHost>
_
TIP: To redirect all traffic to the console over SSL automatically (otherwise, pages will be served over both http and https), add these lines beneath </VirtualHost>:
RewriteEngine On
RewriteRule (.*) https://%{SERVER_NAME}/ [R]
_
Then be sure to uncomment the following module:
LoadModule rewrite_module modules/mod_rewrite.so
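
A path-preserving form of the redirect above, shown beside the tutorial's rule. This is an added example, not part of the original tutorial; it assumes ServerName is set to the host name on the certificate and that the SSL virtual host listens on port 443.

```apache
# --- Rule as given in the tutorial (kept here for comparison) -------
# The (.*) capture is never used, so every request is sent to the site
# root: http://host/app/login.html ends up at https://host/
#RewriteEngine On
#RewriteRule (.*) https://%{SERVER_NAME}/ [R]

# --- Path-preserving variant (added example) ------------------------
# Build %{SERVER_NAME} from the ServerName directive rather than from
# the Host header supplied by the client (assumes ServerName is set)
UseCanonicalName On

RewriteEngine On

# Skip requests that already arrived on the SSL port, so the rule
# cannot loop if it is later copied into, or inherited by, the SSL
# virtual host (assumes SSL is served on 443)
RewriteCond %{SERVER_PORT} !^443$

# In server context the matched URL path keeps its leading slash, so
# $1 is appended directly after the host name. The query string is
# carried over automatically. R=301 marks the redirect as permanent;
# a bare [R] sends a temporary 302. L stops further rule processing.
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [R=301,L]
```

After restarting Apache, request a deep URL over plain http and confirm the Location header in the response keeps the same path and query string under https.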

) and DocumentRoot. You will place the location of the secure material in the " " after DocumentRoot. So if your secure webpages are on your D: drive, in the folder called secure, the line should look like
DocumentRoot "D:/secure"

Provided that you haven’t made any typos, you should now be able to restart Apache and get SSL pages served up without issue. You can also remove both the zip files and the folders where you extracted Apache_2.0.55-Openssl_0.9.8a-Win32.zip and Openssl_0.9.8a-Win32.zip once you’re sure that everything is working the way you want. However, I recommend keeping the Openssl directory in the event you need to cut certs and such in the future. As for the Apache zip, all we did was pillage the mod_ssl.so file compiled for Win32 so that download is of no use.
